Paper 2012/594

Improved Impossible Differential Attack on Reduced Version of Camellia-192/256

Ya Liu, Dawu Gu, Zhiqiang Liu, and Wei Li


As an ISO/IEC international standard, Camellia has been used various cryptographic applications. In this paper, we improve previous attacks on Camellia-192/256 with key-dependent layers $FL/FL^{-1}$ by using the intrinsic weakness of keyed functions. Specifically, we present the first impossible differential attack on 13-round Camellia with $2^{121.6}$ chosen ciphertexts and $2^{189.9}$ 13-round encryptions, while the analysis for the biggest number of rounds in previous results on Camellia-192 worked on 12 rounds. Furthermore, we successfully attack 14-round Camellia-256 with $2^{122.1}$ chosen ciphertexts and $2^{229.3}$ 14-round encryptions. Compared with the previously best known attack on 14-round Camellia-256, the time complexity of our attack is reduced by $2^{8.9}$ times and the data complexity is comparable.

Available format(s)
Publication info
Published elsewhere. Submit to Information Processing Letters
Block CipherCamelliaImpossible Differential Cryptanalysis
Contact author(s)
liuyaloccs @ gmail com
2012-10-25: received
Short URL
Creative Commons Attribution


      author = {Ya Liu and Dawu Gu and Zhiqiang Liu and Wei Li},
      title = {Improved Impossible Differential Attack on Reduced Version of Camellia-192/256},
      howpublished = {Cryptology ePrint Archive, Paper 2012/594},
      year = {2012},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.